CLOUDFLARE’S ZERO TRUST INTEGRATIONS


Build on the identity, endpoint, and cloud providers you already use


Juggling multiple identity, endpoint, and cloud providers within an organization is inevitable,
but need not be burdensome. At Cloudflare, our goal is to empower your organization with the
most robust security in the easiest-to-use way. Unlike other vendors, we do not have any vested
interest in what specific providers in those categories you work with today or in the future.
We're agnostic. Therefore, our long-held strategy has been to design Cloudflare Zero Trust to
integrate with as many other solutions as possible.


[Figure: Cloudflare global network, with single-pane management and single-pass inspection, spanning any identity (corporate SSOs, social identities), any endpoint (device posture, client/OS config), and any cloud (app connectivity, log storage)]


Through integrations, Cloudflare aggregates signals across multiple providers and serves as
a single control pane to enforce context-rich, granular policies all across our global network.
Moreover, these integrations do not require researching dense technical documentation; they are
pre-built as workflows for more seamless, single-pane management.


Here, we highlight three principles we follow to meet customers where they are:

• Identity agnostic: Authenticate users across multiple identity provider types for frictionless
  access across all users without any configuration headaches.

• Endpoint agnostic: Enrich your device posture checks in more granular and adaptive ways
  with signals both from your favorite endpoint providers and our device client.

• Cloud agnostic: Secure applications on any public or private (on-prem) cloud to avoid
  long-term vendor lock-in.
Aggregate multiple identities onto Cloudflare


Multi-SSO 


Cloudflare built one of the first Zero Trust access 
solutions to support multiple identity providers (IdPs) 
simultaneously. Today, we integrate with leading 
corporate IdPs (such as Okta or Azure AD), as well as 
social identities (like LinkedIn or GitHub) and open source
standards (like SAML or OIDC). Moreover, we support 
multiple instances of the same IdP: for example, a 
FedRAMP and non-FedRAMP use of Okta.


Federate multiple identities at once 


Our ability to federate identity across many IdPs can 
jumpstart the process of building identity-aware 
policies. Organizations no longer need to build custom 
integrations between their IdPs. 


Growth-stage organizations with more limited infosec 
personnel may find federation a particularly powerful 
tool to scale a Zero Trust approach without the hassle of 
consolidating a single centralized directory. 


[Figure: Any user signs in with any identity (corporate SSO standard tenant, corporate SSO FedRAMP tenant, enterprise IdP due to acquisition, social IdP for contractors) to reach Internet apps, self-hosted apps, and SaaS apps]


Key features 


• Cloudflare integrates with multiple IdPs simultaneously, all best-in-class

• Federate multiple providers and multiple instances of each provider

• Faster onboarding for 3rd party users and M&A partners


Use Case: 


Making 3rd party users feel 
like first class citizens 


Cloudflare’s identity-agnostic
approach is particularly
handy when collaborating
with third parties outside your
organization such as contractors,
acquired businesses, or
partners. Least-privileged
access rules can be set up
in minutes based on the
identities these users already
bring to the table.


This no-fuss flexibility avoids 
the inefficiencies and security 
risks of provisioning SSO 
licences, deploying VPNs, or 
creating one-off permissions. 


No time wasted for either you 
or your users on learning a 
new SSO tool and memorizing 
new credentials. 
Best-in-class endpoint protection partners


Partnerships

Cloudflare partners with Crowdstrike, SentinelOne, VMWare Carbon Black, and Tanium.
Customers can onboard multiple endpoint protection providers at once and leverage
security signals and risk assessment capabilities of those solutions.

Configuration

Configuring any of these providers is just a few clicks on the Cloudflare dashboard with
prebuilt workflows. Once set up, Cloudflare can check that devices are running your
preferred endpoint software to provide ongoing monitoring against malware and other
threats before allowing or denying access to a protected application.


[Figure: Our endpoint agnostic approach to Zero Trust: fast and easy deployment on any device (operating systems: Windows, macOS, iOS, Android, Linux), supporting multiple configurations (managed or self-enrollment), with posture checks from any endpoint protection provider (Crowdstrike, Tanium, SentinelOne, Carbon Black, and a growing number of partners)]


Integrations enhanced by our device client (WARP) 


Leveling up security often requires a device client, which can enrich device posture checks with 
additional attributes. We've deliberately optimized ours for flexible and effortless adoption. 


Deploy on most operating systems

• Our enterprise client - WARP - works across a growing list of the most popular operating
  systems (e.g. Windows, macOS, Linux, iOS, and Android).

• Our modern WireGuard architecture only ever requires minor OS-specific code tweaks.

• Our enterprise client has a consumer version used daily by millions worldwide.
  Testing for so many individual users means WARP comes more battle-ready than most
  clients used for Zero Trust.

Managed or self-enrollment options

• For managed devices, we document deployments with any script-based method
  across popular mobile device management (MDM) software.

• Self-enrollment of WARP can be useful for third party users and only takes a few
  minutes for any desktop or mobile phone.
Avoiding cloud provider lock-in


Problem

Some more monolithic vendors are primarily interested in increasing your consumption of their
cloud services, particularly at the storage and compute layers. To nobody’s surprise, their
add-on security solutions don’t integrate as smoothly as they should with other cloud providers.
Little inconveniences like weaker documentation and bugs add up. That tech stack lock-in makes
life more difficult for your infosec teams.

Solution

By contrast, our strategic focus is your security - not your cloud consumption. Cloudflare is
cloud agnostic: We secure access to any resource in any public, private, or SaaS cloud
environment.

Key features

• Zero Trust access across public, private, and SaaS cloud environments

• No vendor lock-in to cloud compute or storage destinations

• App connectors, network on-ramp partners, and storage integrations that make it easy
  for you to interact with apps in any cloud

Cloudflare is designed to prioritize your flexibility when securing any cloud-based app.


Cloudflare strengths 
Extend connections to apps in any cloud

Our lightweight app connector works in every cloud

• Run command-line tool as a service on Linux and other OSes

• Pre-packaged as a Docker container

• Replica support for modern Kubernetes environments

Push log data to any cloud

• Log data can be stored across clouds or sent directly to analytics providers

• Built-in support for one or more storage destinations concurrently including AWS, Azure,
  Google Cloud, and any S3-compatible API (e.g. Digital Ocean Spaces)

• Built-in integrations with analytics and SIEM tools like Sumo Logic, Splunk, and Datadog

Security across any public or private cloud

Extensive interconnects with cloud providers

• Fast connections for users enabled by 10,000 interconnects with other networks globally,
  50 of which are private interconnects with Microsoft, Amazon, and Google’s data centers

Diverse network onramp partners that are not cloud-specific

• Easily connect any public and private cloud environment to our network using your existing
  SD-WAN routing method (e.g. VMWare) or privately interconnect at over 1600 colo provider
  locations (e.g. Equinix)


Roster of Zero Trust integration partners 


Over time, Cloudflare will aggregate signals from an even wider roster of your preferred providers,
all bolstered by the intelligence of our Zero Trust platform and global network.


Identity Providers

Corporate SSOs
• Centrify
• Citrix ADC
• Google Workspace
• Jumpcloud
• Microsoft Active Directory and Azure AD
• Okta
• OneLogin
• PingIdentity

Social identities
• Facebook
• GitHub
• Google
• LinkedIn
• Yandex

Open Source
• OIDC
• SAML 2.0


Endpoint Providers

Endpoint Protection Providers (for device security posture)
• Crowdstrike
• SentinelOne
• Tanium
• VMWare Carbon Black

Endpoint Management Providers (for client deployment)
• Hexnode
• Ivanti
• Jamf
• Jumpcloud
• Kandji
• Microsoft Intune


Network Onramp Partners

Physical Interconnect Partners
• 365 Data Centers
• BBIX
• CoreSite
• Digital Realty
• EdgeConneX
• Equinix
• Netrality Data Centers
• Teraco
• Zayo

Fabric Interconnect Partners
• Console Connect / PCCW
• CoreSite
• Epsilon Infiny
• Equinix Fabric
• Megaport
• PacketFabric

SD-WAN
• Aruba (Silverpeak)
• Infovista
• VMWare (Velocloud)


Cloud Providers

Cloud Storage Destinations
• AWS S3
• Google Cloud Storage
• Microsoft Azure Blob Storage
• Other vendors with an S3-compatible API

Cloud Analytics & SIEM Partners
• Datadog
• Splunk
• Sumo Logic

To learn more about Cloudflare Zero Trust and request a demo or POC from a sales representative, 
please visit: https://www.cloudflare.com/products/zero-trust. 